Trusted insiders not only have access to sensitive corporate data, they also have unprecedented access to mediums with which to move that data. DLP solutions provide a security barrier keeping sensitive data within the organization. But intent insiders can find a way around, making the ability to watch for, detect and alert on new breaches critical to making your Data Leak Prevention strategy even more effective.
Enterprise networks are now more accessible than ever before. Increasingly, these networks are supporting a broader range of user types, including partners, consultants, customers and other guests. They are also supporting a greater number and variety of endpoint device types, such as tablets and smartphones - a significant number of which may be user-owned - and the growing number of applications and application types that run on these devices. This erosion of the traditional network perimeter and explosion of network devices demand a new approach to identity and access control and a comprehensive enterprise security solution that leverage both fully integrated security intelligence and granular policy enforcement to minimize threats to the enterprise network.
Learn about: The evolution of user and transaction authentication, Traditional defense strategies against SQL injection and malware attacks, Emerging trends, technology capabilities and widespread adoption, Sub-second device and transaction verification, and Balancing end-user experience and security
Each year, iDefense covers the subject of cyber security disruptors in preparation for its annual "Cyber Threats and Trends" report. This annual presentation covers the disruptive abilities of new technologies that could fundamentally change the security threat environment for enterprise organizations. The webcast will re-evaluate previously identified disruptors, and will introduce some recent disruptors that iDefense believes have the potential to impact enterprise cyber security practitioners and their networked environments now or in the near future. Topics covered will include:
In today's business environment Security and Compliance initiatives are more important than ever -- across virtually all industries. 90% of organizations believe that they have lost confidential documents in the past year. The cost of a corporate data breach can lead to loss of hundreds of millions of dollars, non-compliance with Federal and State laws and loss of credibility and trust from customers, employees and partners. Recently, an Infotrends study found that only 52% of companies have scanning policies and worse, only 34% have document management systems in place.
Firewall deployments in large organizations can easily get out of control - and become rife with unnecessary risk. Inappropriate access is granted readily. Constant change complicates policy implementation. A real-time, enterprise-wide picture of network security posture is a distant dream. Only by automating tedious manual processes at the operations, management and compliance levels of the organization can security teams regain control and better protect their information. This requires consolidated, real-time data of the security infrastructure and a scalable, distributed solution that provides fast, flexible analysis and reporting.
Let's face it, it's no longer a matter of 'If' your organization will be breached, but 'When' (if it hasn't already happened and you just don't know it). The key question is 'How can you gain better visibility, sooner to the signs that you've been breached or that you're the target of an advanced threat?' In this webinar, John Kindervag, Forrester principal analyst for security and risk, will discuss how the combination of Big Data security analytics and network analysis and visibility (NAV) capabilities provide the necessary extra ingredients for SIEM to move from merely a compliance reporting platform to delivering situational awareness and "INTEL" to: • Detect breaches and threats in near real-time • Help stop intrusions • Prevent the exfiltration of data
Customer data. Corporate financials. HR records. Strategic M&A plans. These are all part of the ecosystem of data that you have to protect. How effective are your current processes in delivering this protection? If traditional security technologies actually delivered the promised level of protection, why is there a constant stream of companies still getting breached, losing their customer data, and failing audits?
Why are so many enterprises rushing to implement network access control (NAC) now? Watch this webcast to learn about the many uses of NAC, including techniques to:
Many organizations aren't just moving to the cloud, they're sprinting! But too often, concerns about security and compliance emerge and projects end of being delayed, and in a few cases, even cancelled all together. What are the proven practices that organizations are employing to address security and compliance concerns and keep cloud application projects moving forward?
This webcast examines security for "Big Data" environments, reviewing built-in protections and weaknesses of these systems. Our goal is to educate Big Data users on security problems they face with pragmatic advice on how to secure these environments.
One of the biggest challenges for IT Security departments is the threat of authorized users causing inadvertent data breaches. Confidential data sent to the wrong people can result in embarrassing headlines, lost business, and large financial penalties.
Tens of thousands of organizations from across the globe depend on Websense to secure web, data, and email content. Websense provides a unified content security platform, allowing its customers to take advantage of powerful new communication, collaboration, and Web 2.0 business tools while protecting them from advanced persistent threats. All this helps to prevent the loss of confidential information and enforce Internet use and security policies.
Given the alarming growth and unpredictability of distributed denial of service (DDoS) attacks, the availability of an organizations' critical Web systems depends on its ability to adapt and scale across the entire online infrastructure.
In today's complex business environment, it's becoming harder for information security groups to keep up with demands for securing their data throughout the enterprise. In today's webcast we will discuss the risks to sensitive data and some of the fundamental challenges with securing data efficiently. We will also explore how enterprises are now taking a data-centric view at securing their data, and how they are simplifying their efforts.
Join Davi Ottenheimer, president of risk mitigation firm flyingpenguin and an assessor with technology consulting firm K3DES, and Andrew Maguire of security management firm RedSeal Networks on Tuesday, Aug. 14, 2012 at 2:00 p.m. EST for a webcast that details how merchants and service providers can more cost effectively achieve PCI compliance with their networks.
According to Verizon's 2012 Data Breach report, 71% of breaches involve an employee. From ringleader, to unwitting participant, employees are potentially a company's greatest risk. SpectorSoft's Webinar - 'The Anatomy of a Data Breach' - explores how long breaches take, the methods by which they occur, and how they are discovered. The Webinar will also cover how SPECTOR 360 User Activity Monitoring software protects organizations during each phase of a Data Breach. SPECTOR 360 permits employers to discover, document, and draw attention to the business threats facing their workplace every minute of every business day.
Just as context is key to understanding a concept, security data can also be enriched with contextual data to provide better understanding and actionable intelligence. Learn how a security foundation built on organizational, infrastructure and external context can elevate the information provided by both "Next Generation" and legacy security devices provides actionable intelligence - the ability to quickly and efficiently make fully informed security decisions.
CISOs and their peers realize that ad hoc encryption is no longer adequate - leading to higher costs and increased risk. So, what's needed? An enterprise encryption and key management strategy that can extend across all sensitive data, in all formats, across the entire organization.
As cybercriminals have become more skillful and sophisticated, the constantly mutating threat landscape requires new defensive measures. How can companies prevent cybercriminals from monetizing stolen data? Hear a leading Forrester analyst and Vormetric share their latest research and tips for protecting your sensitive data.
As IT professionals know, endpoint security needs are evolving: new vulnerabilities are disclosed every day, new malware creation is exploding, and traditional AV signatures cannot keep up. You know that patch management and AV are necessary - but not sufficient - layers of endpoint defense. Intelligent application whitelisting is an important addition to your risk mitigation strategy, and taking prudent measures to establish a best practices approach can help reduce costs and risks in the long term.
DDoS (Distributed Denial of Service) attacks have evolved from a nuisance perpetrated by pranksters to a sophisticated tool wielded by criminals. DDoS defenses are rising to the challenge, incorporating greater scale and intelligence. DDoS defense is no longer one size fits all.
The proliferation of cyber attacks that we have witnessed in the past year has sparked intense interest in the disclosure of cybersecurity risks by public companies. Public companies are subject to greater compliance requirements, generally have more funding, and were recently encouraged by the SEC to disclose material cybersecurity risks in their SEC filings.
Most IT security professionals readily acknowledge that is only a matter of time before their organizations experience a breach, if they haven't already. And, according to the recent Cyber Threat Readiness Survey, few are confident in their ability to detect a breach when it happens.
Compelling economic and operations benefits puts moving to virtual data centers high on the approved projects list of many organizations. New processing and security infrastructure, including next gen firewalls, promise significant leaps in both performance and security. But what are the key factors to focus on to ensure these are delivered as promised?
A recent survey of 302 IT decision makers in the U.S. and Canada revealed 91% of companies allow removable storage devices on their corporate networks, but only 34% enforce encryption.
The challenge every security pro faces each morning is "what to do first?" Big picture planning, threat detection, refining operations and automating compliance clamor for attention every day. How to be most effective? By consistently making fact-based decisions, based on operations data, that reflect your organization's priorities.
Real-life discussions of CSO/CISOs on avoiding the pitfalls and problems of enterprise IT Security—negotiating risk between executive suite, business units, and even within their own IT organizations.
Gain insights into how to virtualize more by building a security fortress around your "in-scope" virtual environment with HyTrust. Join HyTrust experts and specials guests outline the business drivers for this critical security blueprint.
The reality is that many organizations have spent millions and years trying to get productivity out of their SIEM - with mediocre results. Most security teams need to start asking themselves some key questions: Is it time? Are you waving the white flag? Has your SIEM failed to perform to expectations despite your significant investment? If you are questioning whether your existing product can get the job done, you are not alone.
Today, business is conducted over a variety of networks and devices. As a result, traditional data protection is more complex than ever before. It is no longer feasible to protect data by preventing one type of attack at a time with specialized products that work in isolation.
Attackers don't sleep. Actually, their automated tools for reconnaissance never take a break and due to the power of the Internet, an attack on your organization can originate from literally anywhere. Compound that with the ongoing failures of most preventative security measures (AV, IPS, etc.) and the increasing sophistication of targeted attackers, and you leave organizations with no choice but to focus more on detection than prevention. Join Securosis analyst Mike Rothman and Tenable Network Security's product manager Jack Daniel on this webcast and learn how an approach to continuous monitoring can help any organization "React faster and better" to emerging threats, and the importance of monitoring everything you can.
In 2011, breaches dominated the security headlines. Whether you call them advanced persistent threats (APTs), targeted attacks, or advanced malware infections, their devastating results are the same. And stopping data theft from these advanced cyber threats has become a high priority project for many companies. What's so different about these stealthy threats that allow them to bypass traditional security layers? How are they successful at infiltrating networks?
Looking at the news in information security across the last 18-24 months, one common denominator emerges - the user has become the unwitting accomplice in the breach of our networks. Invincea offers a solution to this problem - a solution that protects the network from the user and the user from him or herself.
Secure portable operating environments on USB have evolved to being able to carry an entire operating system on a small flash drive form factor. Boot-from-USB solutions on secure USB devices can instantly turn a non-trusted, unmanaged machine into a fully managed trusted desktop. Teleworkers can use home computers as if it were a corporate laptop. Corporate machines can be re-purposed for multiple uses such as separating environments, or thin client replacements.
Your end users are connecting their personal devices, including iPhones & iPads, onto the enterprise network using unsecure networks, from coffee shops to airports, basically everywhere. That's why we consider the enterprise to now be in the pocket of your employees, anywhere they use mobile devices.
More than two decades into utilizing network firewalls, most organizations are still struggling to properly manage them. Cluttered rulesets, overly permissive policies, and poor change management processes are just some issues plaguing organizations.
The reality is that many organizations have spent millions and years trying to get productivity out of their SIEM - with mediocre results. Most security teams need to start asking themselves some key questions: Is it time? Are you waving the white flag? Has your SIEM failed to perform to expectations despite your significant investment? If you are questioning whether your existing product can get the job done, you are not alone.
Today's IT network is more distributed and virtual than ever with the increased use of remote endpoints and cloud-based applications. And increasingly sophisticated malware is targeting the information stored on and accessed by these endpoints and applications. The security status quo has left organizations managing a multitude of products - and has not reduced the IT risk. This series examines the evolving threat landscape, why current defenses are decreasing in effectiveness and what key strategies you can implement to shift from the status quo and improve security from zero-day and targeted attacks, while also simplifying and reducing the costs of managing the endpoint environment.
Database Activity Monitoring is a key requirement of many compliance mandates - monitoring and logging all database activity to ensure that sensitive data is being access appropriately, and by the right people. But when DAM and SIEM are integrated, the combination provides valuable context that can be used to actively protect your network from data loss and fraud. Learn how an integrated, high performance SIEM & DAM solution both addresses compliance needs and helps detect insider threat and external attacks.
Implementing compliance and internal audit reporting for databases is a critical IT requirement. Auditors need proof that databases containing sensitive data were not improperly accessed or altered, and database administrator activity must belogged and monitored.
Smartphones, tablets and personal devices are on your corporate network. Your users want personal connectivity and executives wants added productivity, but security must be maintained. What is the prudent path to satisfy all constituents? Lead by Illena Armstrong and Gil Freidrich VP of Technology at ForeScout, this timely webcast will examine: key mobile security risks, pertinent policies and alternative countermeasures, 5 proven scenarios for effective guest management, and phased steps for effective visibility and seamless enforcement.
What vulnerabilities threaten the integrity and performance of your software in the software supply chain? Find out In Veracode's presentation The State of Software Security -- a semi-annual report representing the anonymized data from billions of lines of code submitted for analysis by large enterprises, commercial software providers, open source projects, and software outsourcers in Veracode's cloud-based application risk management services platform.
As approaches for logical and physical access increasingly draw on similar technologies, CIOs seek efficient methods to consolidate these two environments to save money and enhance security. With the evolution of smartcard technology, enterprises can integrate two security environments — physical and logical access — to provide consolidated management, improved ROI and a total security view.
The forceful advancement of Web 2.0 applications and mobile devices have revolutionized how companies operate. They've also radically affected the day-to-day processes of a typical IT department. So the question remains: how can IT create policies that help increase employee productivity and still enforce tight security measures?
While many organizations have deployed security information and event management (SIEM) solution to meet regulatory compliance requirements, high performance SIEM solutions can do much more. By correlating events, logs, and network flows SIEMs can uncover a range of diverse &low and slow" attacks. With threats moving rapidly "up the stack," content aware SIEMs can integrate database session and application layer data to detect dangerous botnets, hidden payloads and covert communications channels.
Tuesday April 5th 2011 - Today, more than 1.6 million new malware signatures are identified each month. And more organizations are falling prey to "zero-day" attacks - malware for which an anti-virus signature does not exist. It's no surprise that roughly half of the organizations surveyed in a 2010 Ponemon Institute study reported an increase in their IT operating expenses - a main driver of that cost increase was malware. Traditional anti-virus simply can't keep up in the malware arms race and relying on it as your primary defense will prove costly.
Wednesday, Mar. 30th 2011 - Every day information security analysts battle a technically competent and motivated adversary determined to harm their organizations. Join our webcast to understand the tactics used by hackers and malicious insiders as they try to extract confidential data without authorization. You will also learn how to achieve complete visibility across your organization with SIEM, and how a focus on User Monitoring, Database Activity Monitoring and File Monitoring can stop these adversaries in their tracks.
Thursday, Mar. 31st. 2011 - It's unavoidable: Your company has to go social to keep up with today's Web culture. But sites like LinkedIn, Twitter, and Facebook are easy targets for spam, malicious code, and poisoned Web links. This puts your organization just one click away from a serious security breach. Find out how to dodge these threats while riding the cutting edge of the social Web.
Escalating IT security threats and strengthening regulatory requirements are driving adoption of multi-factor authentication to unprecedented levels.
Ponemon Institute and Tripwire have completed their annual cost of compliance benchmark study of multinational organizations. The study reveals that the costs of non-compliance, which includes disruption of services, fines, legal fees and more, is almost three times the cost associated with compliance. It also provides insight into activities organizations can undertake to reduce the cost of compliance while also improving security.
Did you know two-thirds of working professionals expose sensitive corporate data outside the workplace - some even exposing highly regulated and confidential information like customer credit card and social security numbers? Visual Privacy - the protection of sensitive information as it is displayed on screen - is an emerging issue in information security and an under-addressed area of risk in corporate security policies. Given the rapid digitization of sensitive information and the growing mobility of workers today, the need to protect displayed information has grown substantially.
Virtualization is the number one technology priority for Enterprise CIO's according to a recent Gartner survey.
Are you ready for 2011? As we return from the holidays for another year, we should be prepared for the security threats we will face in 2011. In this webcast, ArcSight security expert, Aarij Khan, will highlight what to expect in the upcoming year.
Protecting against and detecting potential data leakage is at the heart of the WikiLeaks controversy. However there is no "one size fits all" solution. It must be addressed at multiple levels with collaborating technologies, including SIEM, database monitoring and application monitoring, to provide the most complete prevention and detection strategy possible.
How many log management solutions does it take to mitigate cybersecurity risks, demonstrate compliance and streamline operations?
With the recent surge in workforce mobility, social networking and Web 2.0, organizations today face a new generation of threats that jeopardize the traditional corporate umbrella.While these areas are creating exciting new ways to connect with employees, customers and clients, they are also expanding the borders of the traditional enterprise and therefore introducing new avenues for potential breaches in security.
Databases have, by far, become the leading target of hackers and insiders with malicious intentions. According to Verizon's 2010 Data Breach Investigations Report, 92% of breached records originated in database servers. The fact that they contain organizations' most valuable data, such as customer records, financial information, employee PII and credit card data make them an attractive target.
While many organizations have deployed security information and event management (SIEM) solution to meet regulatory compliance requirements, high performance SIEM solutions can do much more. By correlating events, logs, and network flows SIEMs can uncover a range of diverse "low and slow" attacks. With threats moving rapidly "up the stack," content aware SIEMs can integrate database session and application layer data to detect dangerous botnets, hidden payloads and covert communications channels.
Government has had an increasingly heavy hand in how U.S. businesses protect their networks and the sensitive data within them by introducing legislation with major IT security implications, such as HIPAA, NERC and SOX. In the case of PCI DSS, the industry is self-regulating to try and stay ahead of government actions. With increasing demand for stronger levels of privacy and protection from malicious threats, companies must meet ever-evolving requirements or risk having both their reputations and revenue streams destroyed by breaches and the bad publicity that ensues.
If you're building out your Cloud Security strategy - or already have one in play - you will not want to miss this Webinar. In "Cloud Security - the Identity Factor", Ping Identity's CTO, Patrick Harding, will discuss the critical role of Identity in Cloud Security. The Webinar will address the dangers of synchronizing passwords, and why Internet Single Sign-On is a secure alternative.
DLP projects have tended to founder in complexity - and a lot of that is the discussion of hypothetical cases: what if we find this? How should we escalate or define a process if we find that? But many organizations report that what they find with DLP technology is often very different from what they thought they would.
Drawbacks of Open Source Privileged Identity Management, Least Privilege Application Compatibility for Windows 7 Migrations, & Top 5 Things You Should Do for Your Virtualized Environments
Compliance without Complexity & 2020 Vision of Web Security
Join Imprivata in exploring which authentication modality is right for your organization. This session will explore the pros and cons of user authentication options in addition to reviewing how you can mix and match various modalities to provide greater security.
Malware making use of PDF files is one of many complex threats that are "moving up the stack" to exploit vulnerabilities at the application and session layers. Visibility into the contents of applications, documents and protocols is needed to capture critical data to detect and remediate these advanced threats.
Join ArcSight security expert, Ryan Kalember, Director of Product Marketing, as he discusses how organizations can best defend against cyberthreats that have grown substantially in sophistication and potential to cause harm. This webinar will explore the commonalities among the latest breaches and detail the most pervasive new techniques. Attendees will learn how user activity monitoring techniques can be used to detect these new attacks
As organizations undergo rapid IT infrastructure transformation and look to deploy more efficient, secure and productive technologies, security event and incident management and regulatory compliance become mission critical priorities, as well as arduous tasks. Join Novell, Wipro and Dave Shackleford to learn how partnering with an IT security service provider can help you manage security complexity, and put you on a path to compliance while reducing operating costs.
Protecting Sensitive Data: Detecting and Blocking Unauthorized Access or Changes In 2009, databases were the number one source of breached records globally. Databases are an attractive target, containing organizations' most sensitive data, including financial records, credit card information and customer data. It is also the reason they are increasingly subject to regulations such as SOX, PCI DSS and the EU Data Privacy Directive.
Do you have visibility into everything that privileged users are doing on your network? The frequency of these threats is increasing and compliance regulations are changing to mandate monitoring of privileged user access. Yet most organizations can't answer "yes" to these questions. This panel discussion will focus on both the practical and regulatory aspects of effective privileged user monitoring - featuring two IT executives and a compliance expert.
The people in your organization will do whatever they have to do to be productive. And if that means that your current IT infrastructure is not conducive to helping them be productive, they will look for ways around your IT infrastructure safeguards. What does that mean? That means if their e-mail box is not large enough they will go online and find ones that are. That large file can be sent via e-mail -- they will find services and technologies to solve that issue. Can't get access to presentations and documents necessary to do that perfect sales presentation when you are remote -- they will start hosting the very same presentation and documents in a place that allows them to get to it. The iPhone and android phones are not supported by IT -- they will create proxies using home computers to push and pull e-mail from their smart devices.
The concept of security in layers takes the view that no single component can ensure the level of protection necessary to safeguard sensitive data. Instead, by leveraging the various technologies and approaches available today, organizations can implement security policies that meet regulatory requirements, and provide cost-effective controls to minimize data breaches.
Content Aware SIEM represents a new generation of Security Information and Event Management (SIEM) capabilities that extend the value and benefits of SIEM by providing visibility into the contents of applications, documents and protocols.
Keeping the network secure has become a daunting proposition for most enterprises. With hundreds of firewalls and a long list of network devices, it's hard for network teams to determine where to focus efforts to keep the network secure and available to users.
There are clear benefits to a company in providing remote access to the corporate network for their employees, customers and partners. However, access to the corporate network through an extranet, remote access gateway (VPN) or Microsoft® Windows® desktop effectively opens a door to the organization's most sensitive assets, intellectual property and customer data.
The network security industry has witnessed shifts in three major areas. Compliance has gained tremendous traction as organizations are dealing with multiple regulations to mitigate the risk in data loss and application downtime. Second, the convergence of multiple security functions into products that support a single function has evolved to include policy management integration. Third, the consolidation of data center infrastructure is being driven by virtualization tools, such as cloud computing models. In this 10-minute webcast, Roark Pollock will discuss how business benefits could be undermined by rising security exposure and the complexities of today's evolving threat landscape if the right protection is not in place.
Ever stuck in a situation where you're expected to do more with less. Or have to choose among three different solutions, one each for cybersecurity, compliance and IT ops? Don't know what to do? Attend this informational webinar to learn how to convert digital fingerprints into a single pane of glass to combat cybercrime, demonstrate regulatory compliance and streamline IT operations.
Endpoint security has long been a major component in the IT security arsenal. However, the complexion of today's "workforce" and the IT environment is dramatically changing, forcing organizations to rethink the definition of an endpoint protection strategy.
Today's new business culture, with expanding corporate perimeters, ubiquitous network connectivity, and the proliferation of mobile devices, involves new security risks. Businesses must ensure that their security policies are up to date and effectively communicated to their workforces in order to enforce acceptable use and protect against data theft and hijacking. Join John N. Stewart, Cisco Vice President and Chief Security Officer, to hear his thoughts regarding current mobile workforce trends and challenges, and his recommendations on how to best secure mobile devices.
Establishing, developing, and maintaining robust and secure business teleworking environments for their employees can help organizations successfully reduce costs and increase productivity. In this 10 minute webcast, Mick Scully, VP of Product Management for the Access Router Technology Group at Cisco, will explore the evolution of teleworking and provide a recap of the benefits organizations can achieve as well as some of the security challenges they must address when building a teleworking platform for their remote users.
Join John Kindervag, senior analyst from Forrester Research, and Geoff Webb, senior manager of product marketing for NetIQ, for a web seminar on "Conquering Data Protection Challenges." You'll learn how the pressures to secure sensitive information are growing evermore acute, how the penalties associated with a breach can be very damaging, and how to begin to manage and secure access to your data wherever it resides.
PCI DSS compliance continues to challenge businesses. 2009 brought additional guidelines, implementation changes and the PCI DSS 1.2 went into effect. 2010 promises further evolution of the PCI DSS standard. In this 10 minute webcast, Terri Quinn of Cisco Systems, a member of the PCI Board of Advisors, will give a recap of 2009 and the trends for 2010 in the world of PCI compliance.
This 10 minute webcast features Derek Brink, principle analyst for the security, risk and compliance practice at Aberdeen Group Research. His presentation features the highlights of a recent study which examines the practices of best in class companies in the area of governance, risk and compliance (GRC). You'll discover that despite the emphasis on GRC there are still many companies not able to achieve best in class results.
Everyone knows that data breaches can happen anywhere at any time. But what is far less understood is why data breaches happen and what can be done to prevent them. This webcast answers these three questions. It discusses the most common causes of data breaches and illustrates each cause to show how breaches can occur in multiple ways. Finally, it will show how Symantec is helping customers around the world prevent these data breaches and what steps you can take to protect your organization.
File transfer is a core business process at many organizations, and we're seeing the volume, reliance and sensitivity of files and data increasing exponentially. Traditionally, file transfer has simply been synonymous with FTP. However, today's focus on security and governance are requiring that organizations quickly deploy secure and managed file transfer solutions.
The most anticipated and misunderstood change in Windows 7 is User Account Control (UAC). Microsoft introduced UAC in Windows Vista to eliminate the need for users to run with administrative privileges. Despite its good intentions, Vista's UAC was widely criticized for its frequent user prompting for routine applications and installations and its inability to remove the need for users to run as local Administrator.
This 10 minute webcast features Matt Schnarr, Security Specialist with Intellitactics and reflects his real life experience at a global investment bank implementing consistent logging and event management for compliance and security.
Join us for an hour-long webcast covering the recent survey by the Ponemon Institute, The Security of Electronic Health Information. This webcast will include important findings from the recent survey by The Ponemon Institute, as well as current best practices to secure health care data.
Increasing protection from malware, preventing unauthorized software installs and stopping users from making unwanted desktop configuration setting changes is a priority for nearly all companies. Removing administrator rights is one of the best ways to secure desktops and to meet these goals. However, most users must be given administrative rights in order to run certain Windows applications, and self-install authorized software and ActiveX controls. In order to effectively secure desktops end users must still be able to perform necessary tasks for their jobs.
SQL injection attacks, malfeasance by insiders and regulatory requirements are driving organizations to find new ways to secure their critical databases and achieve compliance with SOX, PCI-DSS, NIST 800-53 and data protection laws.
Securing IT infrastructures today has become more of a challenge with the rise of consumer electronics usage in the workplace, Web 2.0 social networking, and criminal sophistication. Join us for an in-depth update on global threats and trends as outlined in the recently-released Cisco 2009 Midyear Security Report. The key findings of the report will be discussed along with proactive ways to defend organizations in today's distributed environment.
If you are not concerned about the potential risks to your IT environment posed by mis-configured firewalls or competing rules - you should be. The average enterprise has hundreds of firewalls and thousands of rules - making it impossible to manually monitor, evaluate, and ensure firewall compliance in large networks. In this webcast, John Kindervag, senior analyst at Forrester and Gidi Cohen, CEO of Skybox Security, will discuss the critical drivers for firewall auditing and its challenges, and explain why automated firewall audit solutions are an indispensible tool for IT security.
You already know the growth and changes in government, industry and internal regulations designed to protect data is becoming harder and more expensive to manage. Join us to learn how you can simplify the task by listening to The Top Tips to Keep Data Under Your Control. Compliance and security expert, John Metzger from Sophos, will present security compliance and recommend technology and strategies to help you succeed.
With bad behavior comes more regulation and that means regulatory oversight will continue to increase and put more pressure on overworked security and compliance groups. Whether it's PCI, HIPAA (and successors), NERC/FERC, or FISMA, organizations of all shapes and sizes tend to have to deal with not one, but many regulatory hierarchies and multiple audits. In this "10 Minutes On" SC Magazine webcast, Mike Rothman, SVP of Strategy for eIQnetworks will discuss an approach to provide leverage in both security and compliance operations.
Join us for this webcast addressing "Data loss during downsizing," discussing the results of a survey conducted by the Ponemon Institute. In these tough economic times, many companies are going through layoffs or downsizing. According to the survey results, more than half of ex-employees admit to stealing company data. Attend this webcast to find out why companies need to know exactly where sensitive data resides, how it is being used, and how to prevent it from being copied, downloaded or sent outside the company.
hether you're considering a security information management (SIM) solution to comply with regulations, such as PCI, SOX, GLBA, NERC CIP, FISMA and HIPAA, or attempting to simplify the collection and management of log and event data, or trying to increase your overall information security posture, or all of the above, there are some key factors to consider.
Merchants who accept payment cards are challenged with complying with the Payment Card Industry's Data Security Standard (PCI DSS). Because all systems that accept or use payment cards are considered in scope for PCI DSS compliance, there are very few ways to cut corners when seeking compliance. This webcast will present the concept and use of a new data security model, tokenization, which substitutes data surrogates for card numbers in systems throughout the enterprise, thus reducing scope for PCI DSS compliance and annual audits as well as lowering the risk of a data breach.
Laptops present a significant challenge for security focused companies. Laptop computers can be a common mechanism for viruses, spyware, and other security threats to enter an otherwise well-protected network. Join us for an exciting look at how you can eliminate the need to have users run with administrative rights on their laptops.
The business of running a Security Operations Center (SOC) is a difficult one. Who has the time to retain the right people, build comprehensive processes and procedures, and implement a robust Security Event and Information Management (SIEM) infrastructure? Those tasks require time, expertise and experience. Would you like to take a shortcut? This session will give you the tips and tricks based on actual client engagements that you'll need to side-step, bypass, and throw out the rigorous project needed to make a successful SOC. Need a SOC up and running in two weeks, but don't necessarily care about it running one year from now? This session is for you.
 copyresized_41936.jpg?format=jpg&zoom=1&quality=70&anchor=middlecenter&height=80&width=80&mode=crop "Moving your security strategy from reactive scramble to proactive risk management")
Taking a reactive approach to IT security is a risky proposition. Besides presenting unnecessary operational hurdles, making patch, update and configuration decisions based on a flood of data from disparate scanning and logging solutions can still leave the door open to attack.
